From a4468c26fadbfd3f7e0a662bfbb4999e3c72fa8e Mon Sep 17 00:00:00 2001 From: visla-xu Date: Thu, 25 Sep 2025 14:46:03 -0700 Subject: [PATCH 1/3] fix: add busybox variables to replace the hardcoded ones --- .../templates/deployment.yaml | 14 ++++++++++++-- .../apache-shardingsphere-proxy-charts/values.yaml | 8 ++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml b/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml index be081840..6044b3e0 100644 --- a/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml +++ b/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml @@ -47,10 +47,19 @@ spec: labels: app: {{ template "common.names.fullname" . }} spec: + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} + # {{- else }} + # affinity: + # podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} + # podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} + # nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} {{- if .Values.compute.mysqlConnector.version }} initContainers: - name: download-mysql-jar - image: busybox:1.36 + # image: busybox:1.36 + image: "{{ .Values.compute.busyBox.image.repository }}:{{ .Values.compute.busyBox.image.tag }}" command: ["sh","-c","wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/{{.Values.compute.mysqlConnector.version}}/mysql-connector-java-{{.Values.compute.mysqlConnector.version}}.jar; wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/{{.Values.compute.mysqlConnector.version}}/mysql-connector-java-{{.Values.compute.mysqlConnector.version}}.jar.md5; if [ $(md5sum /mysql-connector-java-{{.Values.compute.mysqlConnector.version}}.jar | cut -d ' ' -f1) = $(cat /mysql-connector-java-{{.Values.compute.mysqlConnector.version}}.jar.md5) ]; @@ -62,7 +71,8 @@ spec: {{- end }} {{- if .Values.compute.agent.enabled }} - name: agent-metrics-jar - image: busybox:1.36 + # image: busybox:1.36 + image: "{{ .Values.compute.busyBox.image.repository }}:{{ .Values.compute.busyBox.image.tag }}" command: ["sh","-c","wget https://archive.apache.org/dist/shardingsphere/{{ .Values.compute.image.tag | default .Chart.AppVersion }}/apache-shardingsphere-{{ .Values.compute.image.tag | default .Chart.AppVersion }}-shardingsphere-agent-bin.tar.gz; mkdir /opt/shardingsphere-proxy/agent; tar -zxvf apache-shardingsphere-{{ .Values.compute.image.tag | default .Chart.AppVersion }}-shardingsphere-agent-bin.tar.gz -C /opt/shardingsphere-proxy/agent --strip-component 1"] diff --git a/charts/apache-shardingsphere-proxy-charts/values.yaml b/charts/apache-shardingsphere-proxy-charts/values.yaml index a3d4af02..e53e59cb 100644 --- a/charts/apache-shardingsphere-proxy-charts/values.yaml +++ b/charts/apache-shardingsphere-proxy-charts/values.yaml @@ -58,6 +58,12 @@ governance: ## @section Compute-Node parameters ## compute: + + busyBox: + image: + repository: "busybox" + tag: "1.36" + ## @section Compute-Node ShardingSphere-Proxy parameters ## ref: https://kubernetes.io/docs/concepts/containers/images/ ## @param compute.image.repository Image name of ShardingSphere-Proxy. @@ -183,3 +189,5 @@ compute: port: 9090 props: jvm-information-collector-enabled: "true" + +affinity: {} \ No newline at end of file From 501e280688f837308a3051ca0e61363f725a254c Mon Sep 17 00:00:00 2001 From: visla-xu Date: Thu, 25 Sep 2025 14:50:01 -0700 Subject: [PATCH 2/3] fix: update --- .../templates/deployment.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml b/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml index 6044b3e0..57baff22 100644 --- a/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml +++ b/charts/apache-shardingsphere-proxy-charts/templates/deployment.yaml @@ -49,11 +49,6 @@ spec: spec: {{- if .Values.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - # {{- else }} - # affinity: - # podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} - # podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "etcd" "customLabels" $podLabels "context" $) | nindent 10 }} - # nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} {{- end }} {{- if .Values.compute.mysqlConnector.version }} initContainers: From 26f0254c03800358261546ff78294e72d1411ba1 Mon Sep 17 00:00:00 2001 From: visla-xu Date: Wed, 1 Oct 2025 17:07:25 -0700 Subject: [PATCH 3/3] fix: build my private chart --- .../Chart.yaml | 10 +- .../charts/governance/Chart.lock | 6 - .../common/.helmignore | 22 ++ .../common/Chart.yaml | 23 ++ .../common/README.md | 350 ++++++++++++++++++ .../common/templates/_affinities.tpl | 102 +++++ .../common/templates/_capabilities.tpl | 154 ++++++++ .../common/templates/_errors.tpl | 23 ++ .../common/templates/_images.tpl | 75 ++++ .../common/templates/_ingress.tpl | 68 ++++ .../common/templates/_labels.tpl | 18 + .../common/templates/_names.tpl | 70 ++++ .../common/templates/_secrets.tpl | 140 +++++++ .../common/templates/_storage.tpl | 23 ++ .../common/templates/_tplvalues.tpl | 13 + .../common/templates/_utils.tpl | 62 ++++ .../common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 ++++ .../common/templates/validations/_mariadb.tpl | 103 ++++++ .../common/templates/validations/_mongodb.tpl | 108 ++++++ .../common/templates/validations/_mysql.tpl | 103 ++++++ .../templates/validations/_postgresql.tpl | 129 +++++++ .../common/templates/validations/_redis.tpl | 76 ++++ .../templates/validations/_validations.tpl | 46 +++ .../common/values.yaml | 5 + .../{charts => }/governance/Chart.yaml | 0 .../governance/charts/zookeeper-11.4.11.tgz | Bin 0 -> 42539 bytes .../{charts => }/governance/values.yaml | 0 28 files changed, 1804 insertions(+), 11 deletions(-) delete mode 100644 charts/apache-shardingsphere-proxy-charts/charts/governance/Chart.lock create mode 100644 charts/apache-shardingsphere-proxy-charts/common/.helmignore create mode 100644 charts/apache-shardingsphere-proxy-charts/common/Chart.yaml create mode 100644 charts/apache-shardingsphere-proxy-charts/common/README.md create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_affinities.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_capabilities.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_errors.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_images.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_ingress.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_labels.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_names.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_secrets.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_storage.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_tplvalues.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_utils.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/_warnings.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/validations/_cassandra.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mariadb.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mongodb.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mysql.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/validations/_postgresql.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/validations/_redis.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/templates/validations/_validations.tpl create mode 100644 charts/apache-shardingsphere-proxy-charts/common/values.yaml rename charts/apache-shardingsphere-proxy-charts/{charts => }/governance/Chart.yaml (100%) create mode 100644 charts/apache-shardingsphere-proxy-charts/governance/charts/zookeeper-11.4.11.tgz rename charts/apache-shardingsphere-proxy-charts/{charts => }/governance/values.yaml (100%) diff --git a/charts/apache-shardingsphere-proxy-charts/Chart.yaml b/charts/apache-shardingsphere-proxy-charts/Chart.yaml index f216262c..ed3c17e2 100644 --- a/charts/apache-shardingsphere-proxy-charts/Chart.yaml +++ b/charts/apache-shardingsphere-proxy-charts/Chart.yaml @@ -17,18 +17,18 @@ apiVersion: v2 appVersion: 5.5.0 -name: apache-shardingsphere-proxy-charts +name: visla-shardingsphere-proxy-chart description: A Helm chart for ShardingSphere-Proxy-Cluster -version: 0.3.0 +version: 0.1.1 maintainers: - - name: dev@shardingsphere.apache.org + - name: xu.geng@visla.us dependencies: - condition: governance.enabled name: governance - repository: file://./charts/governance + repository: file://./governance version: 1.x.x - name: common - repository: https://charts.bitnami.com/bitnami + repository: file://./common tags: - bitnami-common version: 1.x.x diff --git a/charts/apache-shardingsphere-proxy-charts/charts/governance/Chart.lock b/charts/apache-shardingsphere-proxy-charts/charts/governance/Chart.lock deleted file mode 100644 index 0d28fd62..00000000 --- a/charts/apache-shardingsphere-proxy-charts/charts/governance/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: zookeeper - repository: https://charts.bitnami.com/bitnami - version: 11.1.5 -digest: sha256:5ca761458b20b497b39d74236615bc87501f0e2eedeca1c237c122256d63ed84 -generated: "2023-03-24T16:09:37.523464+08:00" diff --git a/charts/apache-shardingsphere-proxy-charts/common/.helmignore b/charts/apache-shardingsphere-proxy-charts/common/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/apache-shardingsphere-proxy-charts/common/Chart.yaml b/charts/apache-shardingsphere-proxy-charts/common/Chart.yaml new file mode 100644 index 00000000..e17cdc54 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.16.0 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- name: Bitnami + url: https://github.com/bitnami/charts +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 1.16.1 diff --git a/charts/apache-shardingsphere-proxy-charts/common/README.md b/charts/apache-shardingsphere-proxy-charts/common/README.md new file mode 100644 index 00000000..a2ecd604 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/README.md @@ -0,0 +1,350 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | +| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | +| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | +| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | +| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | +| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | +| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | +| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|-----------------------------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Input | +|-----------------------------------|-----------------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | +| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +## License + +Copyright © 2022 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_affinities.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_affinities.tpl new file mode 100644 index 00000000..2387be26 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_affinities.tpl @@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ include "common.names.namespace" .context | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + namespaces: + - {{ include "common.names.namespace" .context | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_capabilities.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_capabilities.tpl new file mode 100644 index 00000000..9d9b7600 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_capabilities.tpl @@ -0,0 +1,154 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_errors.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_errors.tpl new file mode 100644 index 00000000..a79cc2e3 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_images.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_images.tpl new file mode 100644 index 00000000..42ffbc72 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_images.tpl @@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_ingress.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_ingress.tpl new file mode 100644 index 00000000..8caf73a6 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_labels.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_labels.tpl new file mode 100644 index 00000000..252066c7 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_names.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_names.tpl new file mode 100644 index 00000000..1bdac8b7 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_names.tpl @@ -0,0 +1,70 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_secrets.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_secrets.tpl new file mode 100644 index 00000000..a53fb44f --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_secrets.tpl @@ -0,0 +1,140 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_storage.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_storage.tpl new file mode 100644 index 00000000..60e2a844 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_tplvalues.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_tplvalues.tpl new file mode 100644 index 00000000..2db16685 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_utils.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_utils.tpl new file mode 100644 index 00000000..8c22b2a3 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/_warnings.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/_warnings.tpl new file mode 100644 index 00000000..ae10fa41 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_cassandra.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 00000000..ded1ae3b --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mariadb.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 00000000..b6906ff7 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mongodb.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 00000000..f820ec10 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mysql.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mysql.tpl new file mode 100644 index 00000000..74472a06 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_mysql.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_postgresql.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 00000000..164ec0d0 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_redis.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_redis.tpl new file mode 100644 index 00000000..dcccfc1a --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis® required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_validations.tpl b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_validations.tpl new file mode 100644 index 00000000..9a814cf4 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/charts/apache-shardingsphere-proxy-charts/common/values.yaml b/charts/apache-shardingsphere-proxy-charts/common/values.yaml new file mode 100644 index 00000000..f2df68e5 --- /dev/null +++ b/charts/apache-shardingsphere-proxy-charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/charts/apache-shardingsphere-proxy-charts/charts/governance/Chart.yaml b/charts/apache-shardingsphere-proxy-charts/governance/Chart.yaml similarity index 100% rename from charts/apache-shardingsphere-proxy-charts/charts/governance/Chart.yaml rename to charts/apache-shardingsphere-proxy-charts/governance/Chart.yaml diff --git a/charts/apache-shardingsphere-proxy-charts/governance/charts/zookeeper-11.4.11.tgz b/charts/apache-shardingsphere-proxy-charts/governance/charts/zookeeper-11.4.11.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f9e02b5cf443cf68985dbdb8ca67db9716941419 GIT binary patch literal 42539 zcmV)dK&QVSiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvJd)qd$Fb?nE`V=@y?-RSnk|oDZy1GyIc^unqz4hC%oOI9W z=@r8yB%!7VE&$qAliZ*Ecj1i$NRXmr*@?U6wcA)EFc=I5GlRik@CPB+2qlPa?oA-& z-5H!le_8R<>-BoCx3}fLyd$}2H-FrQOGz=1D;aU0sv3p7_kBP)B*s2 z4v66t4FF*sHbGG&U+O{w5R%{;(Jm&NSD43eiZ@NULBHP#(G`Yqr{C|;?VbZIIh*&^z!sRQ4IQSnzewIB22_-i;L<~ScQH0@Dgf>8cVoqU%|3D#7*dPkX z2m~Y^;c-gk(6#^wA%_6QAz+B!-~cf&A{2xIdwi906atte5e^h9bXyZ5x<27NVS`Q6 zrEWl`EgT5!JYO~;V~Dd&#$j;H@* ({cW*BR_Yxwt9D4ueQ5MJZ@d1*)5@=BzevO zQ;1^@ag3-n7VnR5Aw?VDFb=vc08$#|sEje6q*oFX!zOwRip<4GN&_{-b1QFhiqNJ& zrp$b;Z2bED?sm7|Z++?Myzo<${}BnUSKY=O`QLlB-7Cuf{+q35`TrQt!-zafu6@_- zwL&~bj1K^tz^$FvgI>S?*HM68U+wh%impbl5FG7n^}ic^_h$4O1wA-=y^Vr5A?)vr zw%%;@`#Z1Syt?YW>Aw!PuU`MP|JT+S#fUW-(B>2gI<5I^VjaH z{+pfcH~qi?a|*`5EDubl2B6(;0r27lIOvYM>aQZ^1NB$*mO0c_G`7 zw6+^7;9&rIa1oyx;~|=S{kO|U)n0jMtml2deGY6=q*MixYL$0^)L zNknGgK>Q8J)$b_aOrRgC_iISZS}4~kVgY0jmV~hYNY=2BmAyTJS14j&Hw;0f{^SI} zD3WAW4an7#UKU8yt%?Ki@pB30ZoY1ofUR|OQ|K0mLKAXy5*Xy;nf;M{lG8F@9NO@~ zJBCJS1a2oNwnSuJSdvg0Yq{K9p3TgISc=#X!*NU)#{rm<5CP5Yj6*JvW=Mj`OC6ICX;Go6<9_QR2{){Qzb1wv zq2vl_m2xG@FjYs$YtgzG5b?Jupr=cS;&mg0bTb1mf)PV?2pM2|`d?1+=_im0h*{VA zINu~}G^mYp)vXGpagR(L(xio-bW*tMoJaE z+>LJGjJ*`-=lp;fcqudy<1aS=ikR$!EPgmTA^eOYhGPCwfpez7b*4MT5;`OS+e{gv zopFjow5i;!n=cZII$|hrJnpD>X3pm0IskTCs;N`yMwCVfGkw&f1IVakQ)wg34EQu< zT#UyQ#;Jr6P$adl=GRQjcbj#LLw3zJGqb#tkg$^prcKck)wxbW@eSlCW3f$bM&7|` z5*bC1EMr9`B?D6SSB@2@DH6jvBPqC*ycpqYB)%|&lz}3|BB4{MuK|fcM8?@jNM<&g z;l&HEoAQZRE-7zn!3KpXpGa4Ggi*|u(9Nfd_}W#Uiki)m!18;CA$lXUxzkz~9CESZ zVPLpBJlfos{N6d<-_Z@pe@e=%3I+AgJBBEb|B=fxDR#u7s)&&?eNsNL+sZ-cSy$iI z8D#91&=6#QEZwGoFsEHbMu8wxI(q{!G{pgl#7I+cJHcEVJPe8IVje`8aWRilNfjdI zik>2-B_mn*1WlF2#iUWbAuTtg85*<&g#L#3@74wkr#NogJ+Y8$)D6?;CAyMiRRu*E z!{b=5o+(qdC`(-)u-xdsygzZ(^R7nAxLAzCe}RV&i0WidZbF`^GVMh zjhXzdN)9F3QZdM8PY6c?a15^zU@2ARhU9+C^ddv42OBSod+mN%=vIxc+p!9vu+k3N zn9Y+M=OOwpSfe)^GwM`ChPG zgyJ!uh*6V>xRXf{P%ar2k-!Ar$jK9sI7Wdqo1mC4A)?Y`H*F3;-^PW_;y~f@6S)N= zNC8PDtAt`QLfw$@I*cfpI$*Qv1F&O3O(@!pA`%So9|*jSNN^39_)|_N3S$PBo4G+TaT3T zNeOug0mJb)LfSq8Q#b=ts0`ig+Z1J8cQ^vY3{9^TDP2Sc;B^7ZA!1_HFPKw|_A$J} z({u`$dM)`)yf3qTCe}4uNGT4Zh}&fQGeqO;qBQ{9 z1^P}9Oe9Ci{|M}k->zpO`tR@tf}apf07(>4*ZwiRlRl(>Or<*~UqzU>b9}0cc9D?J>u( z(p`rkIL0xa!Uzlx&fg!Le>mJ%%lr)xlMqQ;fugA##tFg{9PW#GCDy1M-=IkP4u+ZZ zDV7C{Ln;Nc*(aLn=42z?mfmyN0JoS=z@>%Q_x;|b9IaP?A{pz#HVmH$B#iT~-`fEF z{s!o8$)W$F)7t=lbo#RDADt}+*{H)wm~tq)4OuJE(|Ane_88<4gqWg0`oV$-!8lC{ zQ9^2QN|Kb03oh5}bytX|b0pU7xv-oP#)W7U<75OM18^z}NSPN9DyT+c>4+{!KQZkI zpc1HAQ5TvSfL9gx$p0S39MKyXNo=Gt!{&{c#1oQIrsnbO1P2r4vKAEqhwK_mAk#}Y zPVsn*s5DPY`0v!nu$K%}HU?DaDwwQ^?_z2yg2po|yh~!^J z#uOEB7aW|QpPma#AXGw5!1)PER0QjX#%;k62Uwzec=E%kFw}n8JwK5^&k+o9j2Jtk zzs2B@i5Fopz6 z9+B}rreGh1(l!qjp9+nb@oFYkr4|qdVwjbd1z~i0PpXFwSRnpxnv!@r>Ga}z2lN3@A1S#WW z3jQFZ8;mlG1)%PDApUjW48W&OOS-(&=2GXD&}$rzJ0YguXNZmw36Vrnm5s=_BU$Zx z9FK^4*X?%IZj=Mv>47n474B1*DC-DLk>D8^=XSCxaSRjHr>zdru?T91TLL=m$@6w(yVIxuYhBz51hh-_~t#N4D3n=s60t&t=IR@0@kOrV6NKn+)+Z>9UE{u-r1MX;pr2)TG=!6GQ3jm<{u7w&HG? z#z31PN|T;sCcKA=c1hR9$nZTQlr!xWD|tz+ZY6~B>iRrlR^^MMVdI)3A_O#|&XQHX zY6=5IrQOEtRS8DRt!(+!!B+pfehUB|u>p9c{x-M_z}9!)eb)jR-~o6gUc7i=324RI z#>{s)JKs-z2_k%hgks$Q)aY0p0|Y5g6TR3rN;{ zW{|4dXW~QAap`;n?v`)X=SpB={f}X^k0Ll5s^uIwRPR72UIM+yljL;jR>DjW#UwP) z&g8Ep!06?sfn!#sivt=#9HkUpOekU#5{2Lg^#bthO>@;g`AIz5XVqix*aGJ`)ALY>b}Lsyoy*Kk0X1Ofrl1-!bW?B*S-LUB7GmlW z)Rz0EF`a2bjW*Jw~P(5A*#04wG1R(F3X&7AZ@dyP{XO zRuITdn{$DA+Z)=`Lbv8jm8NakfC?=|c!Yvk5TTz4x%T-wvKhFhTv;&XWC}SdEPVCm z0HFYm#41+fsr0YiglWGV-3ciAXNs7PG?!aBjjT&6t|%bWB$WX+I$(6u5y1LoSHYI6 z{p_V~u#N)E3(R2MouVnBGYwU~Lm|*Fmxmf8X#u2oGY4KP12mB5MMcjf;Xy`Zwdt?W z8-T5y*T+~zmn5n9*_*nHhBFc}u}n@W<}>l0qdR_o+n;HO@)f${n=csR9X>&w;+M{d z&<+&U?VU0yUSv6qQbDzZw%3k??4`F4)zC)lM@rH}I!hf$FU!;by0F}iD}nN9Xk9^W zhV@-~?_~?ZuYl-TRo~*a`2g69%bH=RgiOG7EVZfP6%JP5nZoI zJJQ{IM)3`f&=?)C07goT{y=D;-0r~yN1^dFYY#9@V*nY5Nt~Fvj;o*n%Vp%yOa~m? zvtm^UTDvc1Tahrn8)3*0E6g?d2|)Et)Tm+DfW!e(t}JzeyAva>eZQM93_B?16eHH* zL^3ntK}UdRomL(kqLDiLm!%O-5>(}Ci5&qTPWchjBYoL zzgnWDk9usXHa4|j@E*KKNa&opu>O8f)U2Z&2EXc~8{*?g#m~!dTrSiCfch0kK|)j< z^wlFP{_9{RUKCJrwoS|5yL^@)FS@skrUg*=$l zV^Tb9c#UQQ&~_<|wonKD(TU*{wGCpb++4i$IRy(f{l;K7hfqcIG`;fJb%k5M_+rc8 zX$b7d>1@Odwo(ozVzNnAnW{5c&AHB5uax<%c1q~@(2{`I@XG|XOIs#&7KLF#XKw9% zLAlwY%NNhgkq`}~PoGe0pxBZ$u~tlSnlZCouxTcmX{>+;ClR7rEnQfDuXJdHEyLw7 zJ~5m>4(Kz#!Cw=&j%sZubYgfYF(tB-!dDT&9% zSJ4UOxlh&w2mZ603-w=U=7_+MZ3^u!{?jo%>L`qa32yM-d{KTU4RviAv?{4lHieF1 z497AENgtvz`+7sY9V&zOC}3%l5Xu>#D1vt~dWX;u$#b~l6jB&-gc!J;;0P%hOK-$C zQ8111KU0)#A7Odep3kg$U9rNYNXCxwTOtGk4&~5HGyK#^E-VG{sc0I7=Lm)~74>v^ z1}Tgp6g4s*c*+UIFp}wfWOqAOf}qVS$Z*ifJ~6~MUx+cuk?CZ|%32;G4uHYN3F^c| z+U5~tOm0A%U1(wLXFJiR7zpI?^gQyzjh7Wey-_S2BNQ_CyoUD6Okf<|V@8V3o3=U$ zMQEC2ld{yWg3+XvJ)*L^){$y4yxB+RfaBbStqh5l*`PXlc3NxQX&P~yM5vPiSC*}V zNCC+-2_Z*AP9aC*nX((KXeDc}o9QxA>sLb%(+0=mck*ooC|yQZE%?*iEE0|F;armB zlQ-vb$;qm@j_wFnTktOWgUqTqxBDR$i}vq=a*+GVDuDv?ozPSJ&L)-Tis z3A7@i%Ee&L$jR{aJ;=}is0h3OQI1D4WQtjVYZphuQZS1~O};4QWb0g`8RLW^71^Q! z;|C_pMSE4{ac!`rHq=2@?4$-%xgkzd##hyp1FYqA(-VE8J{=3fEi*#8V!e-erGuqf zY&2rBg)_(}1F$LDVVmxEp$bpqXr^5pjfSQSvsj`8wN=L69SDX)6v$w$Ftkam-`gkJ zIjNiuhE@hzAwo+SF8a)=cwu-*XB^DGIv>ugBe&`_u=$**5ET6@Z$`Yg;YLxN;yXkWZ20R8GoQ$SY}DDUJM3Bf*QG?fz;yiLO~ zYUBm3vM<97n6p2UgjZcw%TW1rYDIS2dp;^gy;vXK zy^Hhm=4eG4&w8|3B*b1Mb9>BF3%YC$O(F_Jo`iHgPzCWJ6mA`6-R&sV)(uh)6C_2%`Pzj-?+ zmc>pOV%Cg0;h+v|ZL#jPilpC&|B%q50C-6u&=@aC8Xbk3KzkRf$+Nq_<8Xi9Ff zb498}O0rtQ)R3F^GAF7z?eBx+%L`+g*2kVQFU_8^JHf47(do9co!v3nFjAa}^?+Ce z5DF+sbt&9*t-EmjrkX5s2 zBg0R#*A-kSRLol#!8oXB^oYO^m=amj%Z%m=AxS%;!7B~Upy?vf2-l(9DnEzu*xAGK zV{I}~Esz-m$~YF=#o$@C1`$ccDqE&OrkxR{=oUuN<_n4#r#Rpp4Q52B)A5eRGaE-e zj8#3f9JBpiSN*TIxwY*hpi?i)D^egOy5oq(Fw&~Cl#R#G(Ub#R>)6D~MMKf(euR{o zzhl~v6zUif$wV{SB_;Q{O^y-Sy$(*YJXpT2WD48cd+6p$GqOR)(ZkApJbTnyz%E!h zpXJg*DhR!IS&ujJX6T zbXTirBqf+ZtJP z^-|9XcT>s!lm&pO><3u7g%O`13ZOw%%ZNNRR-QOvUOqavEg7e9Uisdhv%W7nL zvg_@LSi&0nrm%LbY)T#wv`-3(aVWH62qeKAj->Drj3&TyJv?PC)ac!lb+SxUr14x$FxdQJ98;ZB^;pQu{h0| ziB&=oqm+Ia>_rey7ma<*0P~J^sH^>%yghdUSs$viJjo-=9+cnjbp=~%p((}+O%p!b z$FwBEOXK1+Y>u~z9%nmZ_R-t3_j`sN)}(Njd*u zfx0I}tO3nwd;u+uH3neKiUD62i)P(WoJP?Gh)Jn2>HE*L6Huu)rGvx>AQMrZwTx&N zfVFY5C1kAICfW!vQk3S!5h>zgk!D)ixA&0?rHZ-N=)>R{;bn3B8tsw?x zSLxWPJUMFSV_wE2c@>7$FBEfh8VA+9Cv)o9!+oy26mte#;4jmceD@=+MtqJ@eD;2? ziREvD)Da&?dEiF@P?X0NR(9FMkYvFmSpW zDZ{+dWX{=0oj1X}7(Zl?%oeH=K^--jyGdY@48U|IR)e{F#EM#x1#NjOTC)=@c+xQ# zCs>~IppaP0CT3o$Au9>G)wiCf__8>xLHn*4JyT8uXGkyeF;znpu-}%KkULyzL@f{lus4D6SOu(;TbWlN z4#8L+nb3xDZkFi!YiwOvmI_j6<@H;n0}U3bWn2pRy4DE zi8pQc;c|~RLDtGg-V|XwPkGZOOe*Vz+E5`RncA+O3r?$1T;T#6`@k$Z1FbaIi` z=JN(iX7mP2=k#8{cfVv-Z&1kV4Lq5>!Tj9bnPB(k_bv>6?K#RtcUn9rDeHN&bh>gr zYi0=BI5ub?>)!%Rm^y~}odc4EBa+r3$;^;+oAR7r19=)@b$pB5#zuum^I=4yP^EVY zNo8usKXaPL$F7F4$>@ilkM0|9|ao>$4liDO|jNRWH7>;20lTPMAzRR?Ll@ z$%J4zdZw6Jiz!^Fs2sXRI?!3O5)_ z^``ytBj~EIimsPbpFdYrm+_D7O$Mz?V;`U<4-o1#vfYpX2J zaS6k<&`Rd3vR5i=Gy~z}+s>NsEO{%i%5sBdX+t5`zC=S2>p~jIJfYttvMvn{2t|Z# z=6um1nuwcM5xLr&Lb(UOPl9xcVy;hECAd2cU--BhXPHBrc1vMuvZ$DURjP?R?Wrmy zeF|cE@z~vRkZj(!Jm59I%gyXgm@D0^Y{qg2pOGSuS=WC_(V|X_M%|)FqAY{C&eh*4wn~ZYB#Go% zO(yMmW;|R**4S-ZkhG!Rpn3KB+(P2me$xOI9E;Uffet0G%`uvgm{84*<`x6{U1lp~ z$wc$%=bIW<-Gzkg@8n9>D($zbU3k42$srx1JT_Ku7eVFL`JG(p4c6G!Y&LeLm3%M4 zr{3~+=V?@71SL+HD)r`;DylbFY^h*GEUmx_&DJTf0tOGMzzSF`DGdtS&ybqzM^V6HDf+ z86YuQ?^;wrcL^PUDZE=#WcZMg;iHxY-?#HVc8m@Cc^&*G*s|b^gtpk3T5qDV(;YB$ zgQyG|4k+e0fKkl|pQc>yi{f~Eo;x3w9c7Y3%l$j0SQhZ{Blt#P-W5MTf0kh-Qm#-n zvi+VOT0v_ZtL-QtH~Hlia6*w|#!{3AK%J=|?d%{lxSfy)m50H?@q@v!ei*>tR93hZ z4TE0jN63?~_~K}|IUF8&R{45GJ{%rxUK|YpiUT@J%$lA@tolAX9;$0vR6rr} zteModfWwqe1b#XkUS02F!fe_xiBWq4v~OX|+hU;FF+yS6(Qxu!K3%l79r9xqgJk|P zDc|&7mYA#^hQ~1qRSISMP+uXNu<3m!4lJRlFDQ>@D&{UbVSaXS?7%E^BS&y9*$Ouw zdCyz3Qs!^*`5ygp_A8ys)*4~?vp%%=Gg6u4G=A4;rh)*axl`H2LN^SsZZ&RJdyAlX zk)4BF38Fc;8dRM&>yb4_KhGeafFlxQ!GM}7L-A4GM4$`^F}!=VQ`Lqz0GlM?o@*17 zNvMyCDpc~X8B*QfuUR$f`3X}m@{$OPqwhjpvI9Ag`YvRbhvj=2;GlZK85UF*R%dPG zcaS-*xiai}Rwz_haDMr^Qs7-vB(uA`v#uJAh0tGk-YwICirH9)O4I3By6G_UeP^>0 zk7NvJ=DsORzskD{E9Ovji`G=~wpoT!duyg>-+yVQF$VNqa|tD!1SDF>63~z{OW?m0 ztcNlP^5!gqK(9~h41jK9wO+)giC*{LXt+APUN=BZG`bhRrV_{Bxrfl`-j zm(}H^iTJ>}+%th5K$m~nFdEU%#nO@s4dw}m@B_?x;3g2yfzN@uSe(pXzPcwDh9;<( zZJwN791Oesj<2YVUa!}Cy}d2}?e%)af8T7qdHt9E_V(*HJFj-O`&)nM^|#+_?feDw zR@8p&lQItJUwZd$tJt|G^6dSzdwu~`LQKu@7pZaQmBu%M&@Fcpzj@2vH&!@wCtPi)c1Mt$&92b243Eq z8sTdc&Ghl~u;OsKIdmVXs|)4Eemu)oDf(`ELF*|BCNRcq+EpF+K^}0@@n;l4Mq;)B zZV_Odl6WkaA7dE}EO##CO`^A$2NQYrDhnhMYa|J;eWEk4w7X!J0T@ZdIKDv}+4cmC z7|BCaO{z+xk<^By0%ncAQ9AA1{oHM>d~^jHqBxW+`R%tR(D_PO1zau@ReDYpo(L%i zn1L%KZ_t%HLMQ~^ew%T#;n5JoaZDJ;!7&N*&C1W8TNfFi2^5gBb9pN4Hm@iTY{`Vm z`qDVXBC3Wu;T8gOeYm;)D1%9E5WS_Ca}-Mk8MI`Knz{%PNNnREN<#$N`miidB9&9P zOHmvO4qgj!z(HHSZC7>8wA|LWAGE);cJaU2TjZHqnwpzcFlVYBio#=16JKk7?E zO=dp1C3ZE_7hB_aEJ-3Pk$^{FjJPV%>Ev6yLU!rB+HStx`}s5IL;xm9*EM5INXPfZ zY7(7Yb8nE!-y>$mEmVh|Lv)pn9n@^h#LI?QaSZ-b2ySrt1GxC<0Gyrf{|$6H;0m%y zt92Nw^t0-2Wt9y?Gj?XjnQIF5C7I?Ha24~P-J>a|s6w`M9WT-+L?Y`1`0B>?WlCh(-wR?K(PD%oM#amY za~Q4!+5dw?t0e zu(+0;8XA=r?~sEjoB9 z-s<9bEI1YP#5zC-7WI!Z@5H#ZiyV>nZ!lk%G-MXbL^hMyP)-2sj0nAjG+c&!>?YW3 zOv3pcvit16HTv^s@b50k`de?hy>74DZ%!~}UE7AXV+iKmmFoh?k%FqaQB^jWpx|0( z+P;8eQ~FD|L7dy0L2V-4&|K`BaG+(?4IrJ{dCaT>h@aSZmJo+ z`7OA?(}7H;GQtrO!twj5AZ{>01CSSMog$176!6Z z8+2rW(h^hM%Wn$l<)!>}P6*GJn5wPzI3iat%3rJB>$VK*)Zm_D4A%Uo@hVRouh;dl z;$-u^dtCwd-gMZPhoZsZRHgRNXZWq{XEt|4t+UIfn`H-r?q_0`wRpVgoN)oiMP^>6W)(x! zje9;}bB}~NQBc=a%e=|@nETMOuUR(9&gaj1Y2KMrDl^oaDrK)paV*OnGyxpEaF&7< za{cMvf|~BSxz$djrRM3kKS^KSku15?T5(uQX5e}i&{(^rJao#yxAh%;STAIqm9$cPx%~cTP zysh(@T9s79aA*(Xux`T)tjWxR4Y+sRp{eZdy@<0Q_bo*n%`44`Q;0D15y#7a_aKh) z^yfElsKj0JbOWNo43q&YICgSsX_~BIdE`gFX6qX*B20=~%#e6%(w#B@0fli$rV4hq zOtCTIvWq`ZGBsqf`twbMVlenVJDvvmuR-?+#bZ8M2cH0r-TC_sx%yoej|jO=6VSft zw?W&$wREcdb6utsa{%Cxf}vk!ucbdne(C;X}d@Fbn8 z-Z)hXBQ!@LITwkk!=uMAnY;2(^`tF?9Olvt=mPj7ckrF`rX?k*JT$t~_ELfyIOI>;eK) zS)+|@;AR4|U46mg2tjbJ?)7+$3`Jf^d6>RTb}jbxxp=eZ^9!2BxeFASu1Sp3H_+KbcPI4j1}sVc#b-c6Fb_5Z9?NK6+*nz}XfFEhDvXk+W;ExVyNuCXa}@h=O_o&~ z%~f_w#*9r=s41LNrJ))%L$RPS;~R$g#g;T_=0K?(H$%=&lARv7k2&+WgR-!Vv)r&O zZRyN~Q#&*{S(h4|qLtHZXbNJa;n0*t*Mg?cyn&gYXJY~N`^Dx<+4yVeAy$@1V;$KC;}$V1K^mG{MIj>F0Gc@#aPTtW$VgJC~O&589O@%Cn1s%NCgU7KARPfIZ7zLnQXAu9sPxNx?gy-ohe;6+I2e;bvyt5 z(bk0{1Zk{B(l^{$+{~Qec5$m3?z)hQ)epC}fmb@(d%2f;>3J<>;r$oUj{kpskqrQA z@XGB~jh)kTlOj_MnmiL-7&&!*yBrbHa8<5PWb3x&r3v}%xNaV)dyVIR<=ebV&)j+A z*>ERu-gs8;fEUKI*<8$f{xuKcz2g6U=RdM2m+lNsS8xJkPX3Sn_N!w4kJtU@^B<4% z2u51X2@pB2eb#O%;HN8RBuubQ5HbKa{nj;(!$BT))H26<2ieu#O^?F0oTTc_&f3{` z!+IjDl@4k5B%iJ5FIon3Stg z0CVJjZ|luYQT}gjZ$Hcb$9PsL|J9N0JV=vMxG$64=sZonb8B-G!nkQ){?(@EgFn9c zukRk{u$y2d0$|Sk-+HyZU7Y{hz1Pq4|1q8w+keID^Q=@@UVBg9&~*=M&)k&p#jL)X z^fd#JBli@{LqaR>KeVrLT)>L-b-WJrD(FxLzdmnSfhtYS=9P@w0=BYe@bnLspg_=E zT?1Nkou$lOB5TVe9%`IAdg}2Y>DY{GZu^{nJ*Fd$6Ev&X0ZW5jO>y;k?FufPJBqyJxR^^5+WH@%%V&-(u{o(IzZnuXML_O=zE)c%S6 z*|7{fON0O>@Crwm;}YP!rdH@)J7R7i*R#{;$vcgV=1WL8GOIMYEhGG)>%l(ZChrw+O{5!{f4iVeWODGv0+-k`_8k_dSN`9u#}F)V|>3v;UIt zYDGJL>Y3;N+1l!r^8fdq^Z!4}vr7B#8=Yr*Po_v3d@qwq7_sAg^9KS5zSH@S*2cU5 zu3y?ToM$Q~6*i(WLC;9Ij~Pv6jKzl2u=l!2Yc~|vxddw-Q`77U`k@l3B~ca8xV?!l<=F`F4LI< z;$BXoilue|$=JH6qhuN^R`;WINk$2h?_!WvLAO5daCseV71W1eh=oM}qZQ)aw5>nC z(KMzcO$ysh%_pCDS^&2r67-9In4|Am&@hHG$)c}L#V++~w2Cium_ZC>Gc zQ(bxHp}Oa+kR}KofnR?Goe^m3`=3>@O;O_-&D!9%-@w2BdvzI^+p4Ba08Nqq3-|=Z zndjVUxWTQ|8d_I$AHxX$fkF>VpzaOlpqITG;p|V6pqQ};B-a7!Z-I`!?Wcp|%8vc7 z1zMg*CMlQ4y$9`YKK{??>4%G>;fKAW!-JEH4?iFL_weHM{NTgc?r`|a>G}TWLVX-x zqgf@LouZjt%HxT@cWe;%&OtAZY!r(GXFwM)Qr5Vgu!P{rzv1*=S@ zv7pOT8Ve0ncd?m9s{6m*ou0otUQ~4#d;OGDcheqMs_sPqET#xGSszq&7Z~lHs=I{o za;jUCbQ#rMJ#`;d=~|LW9~OT|rK`zaCH*VYr!Jy&8@F+9rMsHmtb|`zgy?;hZUaH^ z2ufEo^1~=yhIpFPuHavQ1AVV@eyKQs45TcD5r89(C?Ho^a_!U855t4=_Xp=64)=9^ zd8eBD1>hJYh%(H$FeuceXR=?@84h(l9n+Xl#8AvP?pVfcEHgt-~GszHfiC7C;W_K&^W?;HT5!g}nK@{mq)e4s_UhyWnp4#uNnK z|39$S{dT>x_G_>6*WdnQ{TshG;q-j}`)@wJ-5vh);r!ru_hRp-U$=hyTyQw}`>}R< zz7PJx+3CXZQ0B8a6kGt-E%cn;ztFaUIsti_z<;JF+e6SSWAbZyx1Npg%d&ZPr!clJ)n%H4*Y3fK>oOH< z8?*};wLx2_l?qKJPIa4YyPSQ{q(yD7mr^7ElSS?;>S+O^W<6DvvV`KEu6}f{oUaf; z-a7=9Na%Dr_Yy-3-$wZ?hW^#XkY*X3R`LNR>7qQDP0|X?=1f*MO=hiJ(hWSAc)D-T z7n4#>=Fj^}skygG+(TkD%cW7c1mXEm?4MBjlyblioLk17YgYTcb>F_G0bv+a-QtSk z!18#t0Pv(VU%agxNNsCN*a2T;h86DSd!Av>Gt9S%@hCIQIIb6-VPD#5@%*gp@%#T| zQXd!uB#l>)19Hy!pZ=RS#q+;!`mdk;e~SZ(dFnM+jBYC@ zPwF%-B@uc;i|%b2Z=>K^&%>Oa%mYVqB1G6gx-AitW|Zt5D%J z@?RgSdvN)`(|c9S|M_O?dH?5eo-cU*Q?uEzX0wV^p>vLQ4jmx(%ivIPLa>16LT5Yc z>ptPLofRE?(BqTy+PbH1_?p!1Q(6O8B*dr~wcp8=q=*7zel?jqZp}he(L-ghXx1sy zexcr?xy~ClQjx^AfVGpdt>H9BaVP_0vJ<*0dzdF7EaZ~`Xq!~w?S-f%v!LDBnc>Wv zCTviyUFvPaK?^8M&;_0%l3EGxoYzeds(`a3RuoC@l=nF1ho1A7_nhbrT3v#@nsrUR zKKFI7^yy)`S;pYOIy)gTp{_CkzDBZgLU0Zje+?@h12UAq5e=Xw42IL||z|DTtb&*ra+?0iFAWca7g%J;hUx;hE}EM1j0{Vs zo6f~}j_g)(Rp6WMg{EQmEoA5n@(E}c?g(wKOAclexV7_|rPF3;6S`2a<|47>%Z69o zBWR>VSslREoTm18%8G3GN%7wb3o!!m>05Jl@~u!Ta#211S0;-#yoeApq&(BiYCpp7(`Gm04Evc8%N zZENV;RcQBnHgihl#__5!vp}r^yO@NiF>3Ngh6>zlKngK+ua*iat|=vRD%|LR;+k@* zNL5efv9JI*EIFp_xA$XZ2mbwM948T?MI+04c|T-r=&QgrArTqRh6zP5+#@mL6ylgW zm{%0JZ$GM9&U@8evR4VkgknD1iy&h{8RR8PpWKyEb;WsYvS5P3G(yy^=Dc=89{d&N z_Kk!?6r>VMMW^!hILs}e28v8EuYm&E8cbWPdDKFs8S%wL-!pfyl$Rg&PP#g-eun52 zGbUKLw5Oh(Z4Z$D+8^aOQGhy04#_$^E!BFZsZhp2mUrxh42m!gtQB;&vTWCMNmlG8 zSxq<6)jVRlz&La-qUnG!6_U=9BXqfa!IJDd;4gqxglA!Gzq#pmXlM zT&KuvG>v!JJ0@@E8Msb`V$l)%k&-k4pFhvXL8g2tmja!s;J}1WKp%9b@Gkp1CLDC+ z0s3~A#V}zL!rRX4h%o*iBa+6FrSAk4L5DsHF|(SgEB^>1 z*ANpqepO}vETdRhtCohgEDI`8^2oL(a=Up8_42&GRqn{*y`zYclm>{o^|IGquU8$I z1rb!Bj>VF%Bp{WZ5NueSW1{$(-1eU%l^Rc6yR}Y4#?>u0noSjMkxEZVO^(?48R2aF z^VGCnZCbU0ZlpR5Ce5^C$veN=Y4m`Trb@5t#L$~g`d_OMif{ZZeEi=Z&QA9~oa`PS z6!=P7)IT_v+?i*DQ52q|QTYo1g~;`C0a;n`tMM~;vur_y5%RNN;(8XPg?o>KqCT?B zOGMk8R?2(#Gn!SAGAck){9V9u$`KSB&Dq zIL#sKQhI-BonN`|e0z9tvU_~^VgKOmyB~dqnHEtrhIFRyrw8p3j2LQzHA`hF`4gh6 zbUcT7*8QT%wIKI*FLpm1o&NY?|M0vLEsvL_0qC>S^NSBB?~dOd%!gdKeqQPHCXHMi z?*07X;?TdGcbechxW2$s)CB6`$>GI^qr>CFi@9KhYCFP0I5&Vh{O^;!hH%*|4jRKf zJ3siadvtWV_hESWKl4eEP_!FGBpBj98j)jovU|37`tGCw)-g;}@MHt9$GiV9%j~_A zf1C{GLZ8Arb@#(wd>6AOO>7_i@?r1v_;~kZfB4~-pAIh$jt+{DTuQ8i!}Y4+kf^Z;uYVD=~M%&k$>ac1&_X7|ETx(|9+E4$m5OcK6-I z>DjyU9}hkpo?IN9zu!HY+fkTulB85xG<1v(%_*vdT01|u*gZV?(2PU!76q@IBQfn4 z;+WyVaCmrnA}9UnyZH@H;oT5P=eRkH)r8|^>gpm#eq8iAdrx&c>vf^Fn-JSqc|@X! z+$t$qtX&YHrf3Bu8KHqm+yIg(S^ zLI3508{4_DZQHhO+qP}nwsB+I&W&!8Uu-*@=h^-5zSwu&)l)N7GgbZVK7Gz-(gWTC zKTC>}!#x>V0<ZejhFYk}(x}Xl*i55X`7Y+G7XAO(z@*(y~ zVTA)H*+W0B@cG|X51&eu2bCbx^3#wq+@ds$`PF3}jWqJh&EWF1%zLoe7;GkgdjVE0 zL6J(dUy1b0(>NW@b3H;uMx2K$OV)j8_2nL^B~~Rs&)i^Vx@~??pK2crxk1hCkGc_P(g@pR-R9kZAt+JE4AmeZ7PiZ{r^`TYy)TZCmO4-B$R3 z29^MhH(pO~2S(%}uEX%-5a?zRo~aa4e^qOGU=-3EJ~3Euqd$LAEch6Y*%0gu$qyBa zB@J)Nt1stY*HAtiHM&_n7L}thqM+Ll{q_0!=g^1;u++h@TiOKZwy1I!TDx|&a)*|F zG{Y6Eemv0aj;*Ea`BzEAylsDlwlP&F8}nZY@IuVcPmc z$Fr`e;U8H)0w{PbB6NGqUW;g<%j0>H`^0iEV>3*(X|$4B z>}Aj7nEq3@MWs8gc2tg@6(7Bp))eU9@cB!EQ;m6$&LmeR{sKM{(a0=S2Tf*R;{V4S zD672Id)SdP>DTJQNcK`6ssG z(fpEnrtvLj=@8a#e33*1s4PE;VJCgC|tcw~8) z(lqte2n}=7t_byQyQ$=sx3Hbn+n6Ani8V123V9^LNIJxP9)nbLXZLi4)#ce$D~$p> zF@P^=7ap2WD78Uu3B zhtjuuKW5!1g1oms%Ja;cx^*0ytIpi$5$bt3_qGkA$rZrpSM#d0iCARJG<)%7Q2Cd} zTtN8vQ6-&k)?(X1dcK&@>O`utHVey0P#WTVB%ue9A}vVrFD^x=5zHG z)ry_=A2Vmc@lgRj>bqhLGT}v9(}AW3wtFFffG~eWFf!7@yoRnoiO|2^QC-obV~o4{ z658W|9C2dcj6L%!4@X5?k3z9}YWqMoMm1ybIazCL69m!7Z`ujoE8(<^A$0~Rekp#| z<=&%RDE2}w|G~2`rD3`zo7W<{{a_&zOx37B=U71(>REQU2sNL$rQyUAaMI9uZwZNr zeJLJC(GPw`r^U~wNA?AYfBu@wE=b;fXbXZ7IKTeB=-KpptaAB2uHL!-%#XkI@dB)>my!<}(xN4LAH!K+U!Qg6>_xJ1u|I_R@|>Vifq zmKm+{JWJIXT%dQ*v}&1RJ15K`vjBNhNl*XNgbC>X-~}Ql5u*i4dY~G#aT0pr4Ekro z4ohkD#@B9TrM99}p&@uYWtW0|jDnC9*DRZc3K|91F^sJ?ONdMCr?zENkH2T7ZuXm& zy3GgPN{+G~4|7j5(Ly{Qbqk-tj#_(^LxA7~a(PQ*UVp_-*SQ<8n)`DSr5aIFBz!u|6Ml=?=(?R; zb-gpIg64PVhm-f(P``)NF2Pzh;w3|ByX{)1L)ZPlc2e6R5>0hB_P6fMggW#o^-2g1!{&S9aRk6{K zdgCjz{mZ|(b%pxs+vYic?T7qQWA#~2Dwh10YP;)OWW@eXVpwR<4dq^mRoq=?&TN8XS&Z40uS4XFk#cRah~3$~m5&caB(EqjT7ov_=V!I?*cty}sP;}D{8{+F&xR%_R-e$Vx%nNL=0|E+%x z=7B&-MhP1J4pFlrOYw>e*1a-97?fRwL)ynL`Y(0v`#yO4^C0+&MaL7n^}g@h%iP<# zi{ZQ7%`NZvyO`(u)jn4aqMzjS1g0DrQwH(B;3pekuH3#>E&9ppRu#yB71(Z7N?om5 zCrT+hhX~97AvyyOv>%#KL54EsKYj&B3M^y8H&7-JJ1cm@yopQk9ybF65emp3)j_`$ zClury5@HhXqD`wWZzm$@M6I97=s&?qyII5Cc)D3eg=Z&3>2B7j}>4=t&KCbkB@SgMBbQl$Hj++|PX$p6aU7tM1%diK#*AX#OL~!Bywfl$q}j*Y{s%>+fs)n? zUK@-^ij*0d2Z9W9!*5RJ2fxesz9yT1B9Vy+CitT7FSNiyPam;ln(WHFYyfS{A=dKO z>J(U=*Z4nJA0Z=;7U<;5Ari_Kx*Zo`m*&noOpYqw?VSj8+04s>T(gn@4ao%!D{sZeIwv57X(U++GYengMKXV2 zg$T6hSlEO2J*qVB;)o*uvJAsGjp`NP*Zu&%_V2ZC3s)6+eb@Fsytn5UJxQoWv2hiQ z4AV7|BZ~}K6P%dw6ec-k!19!f-Q=7bG36zC)vkg}=ot2B?30E{&9aT%54bu<&U;Qb z1~_9`^joH4$Og=#6W23%_cBK zZlePVvkck(TF}i!Q26x%{Ydt`=(gIm@&a{HJ#*v@@hY>_jBK)bKmFo?@>TNrN-u$# z_BSl#t5UAktr2AovE!@(de!qk!S6|Hfi%F=I5!908+Q6ZOk2$?Q7P}Sx@mi6h^g9w zojX7#K%+oP(B>dl^?hi2XTpEIkxVX-IbPsv<&{A4O)WD5CLfwcS9N^=9%n0pL$^9U z92j2H>)Q5K9R`kM8d1g<>_#*pZA)>h(ioo3KudXn>{W+U7R948r8A|zH}{K_e1|I4 zi@%iO3`x>*!G-Is`Q2aZwv7s52-4W3Br|K&4UGxV7@HcAOtXxg@HaWWo}{}vSOvJK z;7{PP(0DwjbUPvZDjO1k4c?VjFV=x7?o0}8YEvjp{}oI z{nJFEw08b`#J60zXY{>7D^!Xz&M&A3BqJHopGA-`jW`>SGp1eytGv)EwBbDE!2tH) z1FP7bXUH6c)Ep9pfDI>RP`s2FjWkKt-cO=`g83fjIKDs;i@6Uof3(IHjVQI5mFc@K zz-6Wtd%ei$jj005#-Rp$b-C+go5dW&RGXD0x%bc2`crwedn28T`vPg%;Zu3L!wAtb z(zVide63hP&D-i)q&~*J1lJ%HAS?K6Gz|U8Xe)x z0dDQVCEJ-|iW8UVf~`m*0uv>SN>_4qhUCBUS=Y7lf0=%@?CEs-gm}cG(jDnY>R_=r zouSPAWDeHHk3fTV?SH|{H+6`dCdhlNw9svUctBup;YfX$p-A^2on8>>DZ(zK<2;hY z61ia6!c|2C6Do|25k7oC(!+~U2InY@DB3Eu1bDQ`H(bM^pl>X|msw7y^_gl>Z-W*N z1$ji&E5oOphi@Urna+abz}G`c6e(IRjn2#%hhen-{v4k8C~?>upSl|>XlTihdx<`P zD-u{0XIR^7{1BZIn1=fu+&x-4>5qkvJ^YUgk<@=IFk%-0@&X?Ua(JAjN@`ajOt{K? zn$SI3!{=n?za5=LYZ|Zw+%B&Ui2H!{tv`rsGkBq}o} zKGMoTM+e`)^1M#!^WIQch`TD5gi#Fw++fN$qG<&Iqrl3o=I$o6G3^-F!}*0@92r9*f3U_aqvr|sKI3KKmNHy?0-eZSJSFC=T{?|HF1^+zWxWi1Q9MIBM_Uqp@Xf+R6Ax^d5qGrb-Q1SDE~k3 zB~!Q8UprzX9pFsdbt$N*qp)Y&LQH9diq*ocAus2-x$5=QsEE;qP2!6kLHigezxICs zOd#Sk-I+T0OAPUy6mDnGv5=_;C_^E#5^bLo|5&3`_5AdCrHUkII!UV^e01oLeze6@ zS3~;VXw8XwqE3lRvZEIW5_lyk#c8-9s`$EjMMMUic;b>vU4~F*hR`)B`b>M}l*GYI z%%3{rRSKb~&>c2beq&dGta9Rwvdwz@Uj~!aow12JV_KH{PZ2{~m^i7=TC=Mf5zypXNRQe;fZ{ z(xlTgweFI_iIb2j*1p6w>w_$%V4ro}-j*Si(r+rI@+Y7K6OV8f8K75EHDd&O^5gp> zEcj>H>F4cw3A6XJ9Jzqbr|9TwMaVnW$V3j!w@>o_|45}wWkHG4fT{=#KEaHjAz!ml ze$nSUHOQ#7h#`rq_q@?AMHdgXyqvBi$@^1c)`SYe*U`KzrL5@49D+g*37Vdh8}NOJ ztcP%OATuahY$CofJaS2?u?p&vRnC3Hu}lw@eFrH_j6r$C)d)85f^I)q$<_b`L38A( zhMgcE6qIxzDnfdRTXj~{Ii&P&-Wbjzb_OOMI>dBn+;aq{GC2vU%&eMr6r73#SWSF~ z@w$OuOg#oisPSVFbQ1@DmKBM0=qF*cKN!UovdJw(^YPDfHX0T zoaqZ?%>BrGUgwjXt1($i;#DN};Q7^$h0#&&pPNMETGLMu0%<3ir@L;fNkGz)k)v+*;i!V_|j9__Lx7bjK(jK2uo3~^W=T% zl~h}#PCktPOj)lPqgr^>oSW5J2!+jWLc~7y`W||PN z+`)mx$E$R*vf^Wv@hi}kQ_O9>qHjY(>OqgtCB0$u~YuN)(C>CO` z@L!%3bgDbRhn2Vcyjc_Nu8$iKUa3&+|l)Rm8u7vLVtXW*RF z7Q?fOA&66oq9a3Xgo^wCIYfC8L<8MQ@pgK6`9-HcR|+l-0HoblFsh8?v9bEJSqR!i ze4p9E%;_Ztmb_W3EtvJ4P%4V7W8+yV{1WcYh?-%k(SDY!T!)6!E)YXO(=IoJ`SoU% z4^64{pYHiegM29LTjhKMm=%j+qaWOR%lJYJdsf9d72JEuiDIE4%(6w1Q8mj2N^zL{ z5IR5%^gp-AhZdz`p*cvnW6?B#%C^?%x=LQGPbG)JwPMj4T(!~&7tp^|ZVYp+Sg?RP zU;Cd&z_Vh}8d9@dED?!^qW*VGyV5WpnfDi~+tH0!F{w>yn6K6H&1L!c_8hVIDW^Tm zKa_Q4?Xs&N)zS6Lp~z{;Y2p3)SRPeRFq5%aTxP?%u$5&BObq!*oYrMbEtwqycS+@; zOf30G^wi~u8%VHb0wI1RCtm-2SwSlCMAM_ytSH(LN^<3KMM4RQF=G_yy@+C&Wgd-k z>$km9v9yjNYI$Oo!ZGq>6b18c1+;UCheyp4=SsnaA03P1TyCMo1GW!HQc)OPoKOLf zkHh*Szu_MQnO+r&C6qYx1k$kvk@#wrFf5Wy= z&PA6G5TbP}O2TE0c1?5j+Y38+7N;Tq&Je%4$}v~mN!aEfyyYYWdtTdLo;SejTS}cP z>L!d=$W`NM4r6Pd8m%mv-hif5M5S6 zLoS9LA;~v(U#UHz zwK_r73nRGCII#Al`bp;BfF!`amIz6PASPN$A38Rd->Lw-NeQvetXH%1$HzT_c@=|H z6oQi>7reh0G894o@FIVgBaXSkD+$7>LRDz>R~;3@E0-Dw zKpDRkRL)Alm6PCs_KdATnZ{ZDhpaO^k02Kt5;C@-ikD}TtS51lv!#%ql0qqF;n#;Q ziqxHK2@VOjGV-%!|9{Y&9vS;XTezG+meFq+fL^MMSs)jQXo^ypNEUWMMdiT5ld)9(MYVS5P)+IQ`zA$ znoY!#AV_$9U-4?o>62K$!X6o96e6THSyk?WLs^Jj;YY(t14BVALn@k~C?wE~Tpw9C zVZdWXx&F+9wknZ?COMMWZ+C(E9g%C)$yPd z{700E;I*>w90aVXVaiPR^^TPX4NEN#Nj=?(MYS=%zmf-&#@^9@tFMO3+HUc7{<1>DvF#q;jog7^;b-}NEFsNb@w9s5&O~4%(~41LLf0n?K>8s zPsbx6uXd~QG7ZLB#<9b?QGq2&GhU*5x;$xUy1Pw?aO96$ReV=@_Y2zUKmJr3nRuSR zx>)?GUN1#^CQflM&_B9HKyX(`LrRgi$%#kDG>%%ErrV9ySQsNWQUAAyCZ7J^2-r}DU|lC9jE zDQ!SL+=7L`>$Xb9_Grecfv#6a^B5r!aaKyP$S)WcFjHEte82wgVCn;@m%^joC-tyl zm50-N8?5|c#-viH5opHPaip`WXH8TfmY8J0nMIV0Y3}%R6X>Ol?Cq7JbX~1-^qbOg z%SBF8i84RPTwr4+!x@V({ZzP15sCtm*dcgQ^_5Ig{=g{|WMX`Ov>T=03sDc7tu{Wx zoN=|?VPHVf3Dpg9t~bz5p4z&9WuYm>X1A)`J=ze7OuMUIsEHVSV2CjxQpaC!xQG~j zmF+C9vkqHR6qC&v^0=+O-rs6H!E?HA@9l+NaTGDewCEn*Z@=9ztpKe(Eh}L_0KDFt zA~16BH}`IOX0O1h53pg6;BKq-y-#Hmf?DaSl>gwQU}U2Ngw#gLh+Q#BedBxE@9wn4 z(!^cuexN!79)>5gQcRCa&$lnGJL3Mnv96NkedH)3iKs}3j#!8F zNyz=G=$~O}!tQ}SPd!AP316fT6R#Q7`{0|5|ANdnsL1Ku{z^rhNS9a=*k66%oO`MR zM`A{~GnIicq!Gnv_ULhnZ&j5{N13WMz-VX7y*wV7QMMMNU-{V1;joUH1bvGdQf53E z*xv}(Pes`(rI?%b*%*NV{tx%8Re$t~xZCK~xRo&M^{ZlbVv4dv-D~nbB5ex_{^J21 z3VqG2AMms}=?S-HRtpG#j_JLAx4|lx{t(`HG_)zB-p$Wj(;`4PbSVOgG z;>fDD>8$c;^2tYApU3O711`>L8A6Mx3O#iOYI4`j#k;$EAWf=d&T{ivh9(Yr_Vzau z1VqRhw$xvJ%dI8|qcP)1n;z35D0?BlvrO6P6eud+#v#YfrsR5JQ~8EW+51CMzq^Hs zQCB4(Ph~GvxFBmqD=uR`eIn@{H>$OZn4!gp80)NyGcX!^W|$bR{HCC+Sen_7;X}8Q zyLW6Erl2QKFsnrOA@R1=H!L8<*ThT}K_RoxG<>yd+GE z-6CqO(PI^xLze#T8clg}1S0N!s6aa)IUarDHUSII%HoDI*3zKk4R%+-i2*qvLr>my zWqsV-Kb0O;(U$xKH~v#CbgriBN~XhDrs&e?ApEPk121j7%e?`f-#$sxR2(3>gOyRfbs6OLq2vwP{Nt1fY)%y(z zabm>2W510$JM9LJF2dGQ@olERzHY zjjU3)4e~FcD!i?QfYhgtS@Dx1HP)pfjIkv+-4f*{F{>Hl!N?)WQHCG<>XZ)3vR3~}Q^{lVYqouaZU*F1vZR#$&XA3_?j)_cjzDkmTDA5Gt52I#P zPk5~$WCZAN|7I2Fi(A!P~9nc4 zJ}NRN__#a3OuQn|dDBRGAMu>&$LJCwJTJSx=N&pNC_^6GGcWh-stR4+%`e7OxCU3l z!;u^I1b3azJ1wv5O$tj#Ag;wg{IT(&gcud)utCQ)L;H7Yzk^^x@E74y4zr1+B?-r} zb=9guSPo48(LkVUOF)QFbeV3 zw_38icC0OP1$frot0j2fbF?Jp(zr^5TVlMc!rIwhKKBFLE*7z8jd+`V#a=r6Evd@~ zW@kQnj~#gRKTU1eOSzSUD9qPq#dz!C@xExUtty_Cq#zZg?+)K}72ob}xILBdRh)A5 z%JLKhr`Tfc-FX~m5~)c3wpk%n7w{cVciqC_QR(i7FFWe@V}AO;n*~(nmNHnnF_x?f z=Ua+D4}0FDfxTnKJG5h+-Q5qGG#VnfUAQtwbZg?{;1NUzZaAEq+(jCFEt zKn8vtYv-8-uI<;RghyuF4`U)%ej9D%-tIV@%q9VmGA^-3g35}2PWjNzC|;DFJx@7j zcmKT{?mHmJ8RC8A3@_t@B1M4a1xTG!qD*Uhsri*G38QFhY1QrW{6{?wd_DPF+fBJP)i%0 zcFy^Pq_3X>U+{r}{4oALUXzj?3|2|htxd;0y|^-?)wC3O474t)V+7;EZ9HNcn&wEs zb|~Xs=Jj@FinN;!@DC@KryD$+NalTk$R?T$3o4^I;I7X1x6|@>!8JDqg@@KuVJvML zRQp7nPYFp>AaA~Q2~y91;-J#OdO1GgkVR=+I|rM_$Q#|b-zZ5x*1w3|Xw7cgVS%T> zpd85Igq%-h(5W_EbBs%P7oF7PiTd$Q|3Ya|_|s0XAv~+bpz2v@!2`oN#Pb(VCx-Dv zLWXn2v&|ViEI_e!mgO5GzG=`f?}nU|I5Krop!(he5pwWff)tFNXq$K3eJ)V|R~oys z96{My)+x7IMX>QeS?UrIPn1U>$W*vlrfF9RrK{cFX!Xw?J#^-55Jew$Ja6$$1EhA zgAn2o68zw>^6K1>NIwjg!^=Mn1+52#K6SKsrlvL4>IiVuaVIj({NGybvDQU=`BJ@{d z$sB-q*=_{@BC{dR8j6`2zS3;tzA2YkAe_kL(r3sE7$kUnL$|0IVRXtI#agxMUC>>K zp+H}c>^`kqE<`n1kX91{_&@KsVyjT&O*$sy!u=#4G4IeX9U$|73TI18+_Q4K8j5jFJXngx#JT{o2%MAG!GU5|Bu|{05p&2vRxJxIh0_IcSAoIEj}iG1D5@(X)a3 zUto&mz1`s6k6MjLKZHC^AOQ5C_q;pMr0VALUZ=8p&Kn=NG^hF22aGfS7@kD}EaU#>}CZu!{2`Ubl{iF;)QTL~!R$;?qYzwgdY1|9$H+kEdK`nyF% z>ZSm0XDxnb>P)OOC}zZ!gR1n$2+t|iE6G{PSD~uf>#Oh13eyW|${m1ta8ieEy$eZU zs6bTh(E;F@XGO9F2b^=xT)n5k3d%5QLsJ5O6}8b^Xr@X|u(BuGqp34?#R15Fc2Ep3h;gc^c&q%_fntE&cti)T?7wi1hKV2OfGLnKq^l_xd)50 z&qU8}gmx$_qb9s5)sJM$Zlt$KI#FE4D>9oPTe74MmAu{3oZ0Y1olY86XGIchVhh@@ zZh=p}sepq^xC#6okhupn|O%>gQ#~Vq`H+?%Cdb0^dNc z>c!K^P~+N$>D5xDI7B}6!liY6H*vj~A+YuXFy(jsz!`;UoqL8ASkzI;?b{jBCZXuPV#9@W;a{W7E76U7yQ%9lHS|dAEgrN)(M1{mK#z`Q0 zjB_h}^>tKl+-c`hTR}B2ZC~mv>P!-f67Y$xQ3W^d8K@Bg_fD%4F8J)Us#I-8NXFo> z(vL9~sgzy{>{pwld6wmsk0ooV1DkT8a(S5~Mq$fg0t13|wYGZQBPdBaT5O6bpve7& zsyAZCRGjE>M`W0y5Tq;=g*)2{xeMxxO_EsEBuYy@Y?7g6jbfoIOD`f)LI_jbQJyYQsQ<(8O1*E=QiG z(2jJE3fe=uX$8tV@}I~y_HQOWMj6`I>zuMGyL7n*YWH26QlwOAIe2Q*Hdh0G!|Z8K z;9gibgkA&yp6VIicz|rQZnmYjISlww@fd2~M0=3Voj2i7te_PTpRCdXwaqTCYW%dU z#@;ARK@Z$gw)B2K?J`U%vo5hGbTZZ)Gi9xmRa#1D4Qy6eXX#f{m!h|uPQ{!hrBamQ z4j^jA#3;U7?pblCxoW4lmz5a4@&qegZ$_z3tzg@VYB*{(BWp2vwFbt7zJtPUV6npf zD3q~F>@he=qShs}PmzTq)?uX-w#Dv6qrhDq4%*k`TESqs3IpZ=67U=m12gxvg}Y?2 zZvUb|6$>u42-^(*s0T=zk=KDhb| z0l~>4=d2kR0gmvouuuR`P!#l1rt*8;30e|~743}O8@%=)fH6}tHbP1*c0$B%WjxrU z=|SXDY?U(k`H%_!ReuwfC+5=v%OYF4t?9!!w6y8m_uSUo%agDbB`NIWG&dWixCX~4 z!T8qJ^!E2$3sxc!;iFPgYBw#{_Pj6^IRtB)hY5>%BPq6-+-zWqwj$z-j6s9y5*-|BN(^bnq*3`{rlH$URhc)S3XP*DoKrHxfog>t%AKKi zJFJ)r9n_~JC4v>Bq$zSJ@KDqHBEt<#H(K2F-{pdKE!hSez{%RB@U*d@xDF?rPah?T z45ie5*ocDu%9sAiP`E;h{VtBR(M;=X2~ijGK!TOMXqc?&7g#_U>*>45u*}wB$`P&B zKxyLHG+^pc_S$i|k$RTFg?4|zrvL`lLKc$&XwNiRF-j8dpaFnnMU0nqpqd$zWe9A# zF+1RuETgJTgH9ZqZ4=CYH(TfCg9DIZ401D`yQYdm=|QMFqW=O=_|&!K>Mo_gR#A*i zNlIy;d>58v{g={)!fcjQS<^wI;FO>*J4crEoFIGg{-rxVmH_~IKphOAa3kr zID1lOioRV|^6SJjDED=fkL+N`4x@x_eGuD!Wbs^Tf{l(ro@fwX`OiwOtC(Z4gNGVP z0jSR_k}zYo;$&dJ{O)#8?q%*Jt*Pg<85OAw4p?`M2w|^G^nJlYyezhk_(j% zo68cTE6S{2x!>l>Rb7!;2?Ba+w6L}M9}U3-+#(~JNFz2?JmRc=U?qV{dJ*x>kj6QW z!5cT~KO#-We#Ng6z7n`{RfSho&K9Z(nIog3nUq57Qt?28D)SZ;&nknU2Y3u5+&rF_ zoU>hPDK{FwgVD7!8Ngr*6w!BCl)-Pih5v3|;tUz`9Ez0qoJ|R82KKqNz(sriL1=k) zV{X3z3pU?@uN(25IDGrHu$fL<&2mpobZZgV&SGQzs(5ML3 zybR{5ZRLAMHTP9#aD}QeE>sSKLJ2t7)ou3rp7th-U00#k1P~;{K;Y7k?%Et}Eo^HL zDr-~efZ$S`JVaL(!PWUB1*O1MmXN>EjbxNk2~4K2%~N?TKt+JtO{a`)RsOEPWps-T z6{=YYDPNv6SsrG|=#SJF@qaOn2DI7-^ zdW-r;)%p7BI719*2br^BTo@$!`QnZxlv>}FuWGnDfjtkpTdws#&b|{&I+%aJu_@Q(29M`Zh@B%@RyI@O zA4d-Pkc_H-n%#M_x|u9@j;zPyY|MD z7mcDg96z+oLE1~se$|d=A|292K-CN9j|Oqg0!tt9;KVAw(C3rh_f6t@VC;PO$Z~84 z6|X#4H!RIOeNn;%&rLR`y6tBt)1N_sIuZ_LEJ-`1O>bJkQch|@F=Vk6!{+oP0pZ~4R z^TyKGY<}DOoF0$&6ZyK{7*IN|a_8-r<@>5{D#UXtPughPF^~kV{qTzqLL9VKJ*Yv+ zR9;$?(jN{Is8*S+;Eg!pB$9XMvG>)#Zb3Y2%Xk+<*0zRPVxc;HCu~dN6DY1(*l!z} zcLjS;k2nF*gQ-B24l7|{$hHh?ZNbMe8zEPLipeyeJ5aun3NzVy{dETsi2@HqY(|6K z&g3Ebo{~IHbtgFW5EqQ{4)q;y zz%rgG#;X=DTxZ&`0loJ`hIHRdx#TVgErJ)*Q7BKHzwiEau9ZuEX=4!DZI2(rujihJ}~Vk-4QyqCX2@E5s7O1Ujulld#U zE8B$L?^U?pNbQOfIRZhM^P%%Un!JCbs~Z~GfXm>V*w}D9?TXD)K5qvnX#HJk`I=!P z^XdZ(;Ok{=iD1!ae$%^6z3s~Rzn?x0z4gT(4~6fblnef9K?0KZ%ID*Z3jt|%XbMk6 zSv*SR8l8$HspBv6PGEPQwcr9Q{z)ArT_+S!+f+Fof;d15i8GR%+ZTRKy&(yJw*fEA z7dnob<(_~2IxGRjZS{0DV1^cj&b@w`a`Ne*hA+31-8uZ)& z-Fk4Zv0lfDCk_hUmK7dpKv%B#O7O?9jnrkiq7XysEgeO^MNpUik`7%)kG6~so4He? zdqJ_)QN<5Q@!9D4m zVBC8E`ldFt;Tm~|9Nh{c|9f4^d??DfnCXEf5aJUjL6(WGE#clBnz?u`vl}w7Bx@?S zf5gLvG_DXQ_86oodQ*(jhRUG_$0Fxx*+PRu9JoT^B$4WeLl?!oFJdk>lj?t(+uE8U zd|gD3wSTM_X(j%yN|TtpN=>+c?yovEWOc5#4tW0F8KZV>7xmq?wRS3)?3eUrs{7pU zFEzj!SD1F++iLq$Z>wh0<6zfkQ?;fGyN**WhEC-ax2_FL+S;bt>ZgTfRXHn#=Bi!? zAMTXaoZF5#nqs|wyp)cd6h(S`VjSWPC@c- z0EA5vqFmv9dvE)adpoykPkAOnw;ed5E5=C$op;lTlNxK(W-PA&1xfU?j6EcF{G)eW?M{H~Vd40k7%;F=-S+FjvjODOZqADY%DGKH z(gjYxF5c?BT>MX&tMq0f2@8G;`M)PFiHdvt`dRQ{W4EWilUR z#hs+8gOHknj_W$9*=bU{>xLvJZZs{+=^>Bh>`Q}W(&1X4d6Csp{Caz?9fi6(oLvhh zGlb;ENfStk*OV-gb&qYSZRMHz?JKV?|EC<^pVdODPTZS1Ty1@1l*JsKH3UQK5Gcf{exLqK>p@^X-^oQ~Vw2<-jkx!yDrq45rs~t1c3pe*UD?%*Np8a&B|ehg$+Z~v zA#SS76*?r(dT?>?zK*P-<} ze%ko&t!>Y@qQmdqoekfc@7*cq{4f8DbED}E7naq|G{*%wSt6EPBbi*uW7Qg$8|)pz z5!h=bOxOymW6oLnpqP_9u9o~n3Rs0H&J=F%(msC1CeHmB-iC!jyNTpM>h22pwQU!A)ji47!)u^_k zW&VN61qC+t=`9WIlxnEnsF!i}{(73xY~B2C+>iCg=TB*O`6UOnHj)mgHZ!&UEqRY} z#Z<`v32;Xr#cWY34f6Gq-!C}wF81{_KO<{%Cy^;*dH*;?+OM$u^Nh^ZH(LIFd~7d2 ztCtJ9nx{aj>cD%3#Zc7{Twmp?b>7}GUTeLlSKhglu0>1zvHr>$c9(1(RKSdN{>GiN z>8jNhASzfWH5W2X3VITxN5#0i_2E@&Z>_#WQLPeTE%^RUImSKfhAy4!r>F~*?ory1 zmy+BQ>vL0Q#E${<)UnZh^5kVU3>WqydrFMUtzw~OIv$?^^-WlHaL+^gz&|bL7yh=} z{IzuVnSc3pp9}GM&6nrB_D%C0O2u5*ygOzhbiRx*0L* zQMIf??MwDWZ=LSn7ks`Yx6Q_8>Q6vMcXyS2sem?Rv8<| zx|crxdcCM;9RF$xSCFNc&P5+r@`u#57pccSCGPG25&Z@ZpIsCa)8}YXV()0t!&~P=c*28u2|xm6efhc`+$+m-BBrNX60vW zbyMHUhh6#4zpDSzY=EexLEC=Pr6U%RTWab3X3IaZR(}F%usk%o9Zkj4I}>6X(eK$b zRsNWwbg2bbeUa&tyn;$}fXsG_=>RK>zE>oh(t}zO8pAil3iqeL${xn>@U9J!1I~V= z1*M`jRn3s=`d$$jgv)F2SV5m~Ydf zIf7EpY;C(Wtdq(yLYhR{|Dgt6^n7%{v*~9J7P?=`YPbDkx&Qe8A5@803IpO_Nhv{Nxm%+HFU(V2Mmj@csm#~@ z=~0%3(sung=l86RzLtzx2CP#?$m??9Uafqjr0p(qj5Hd>>dz5CSPO&0ZmQ6TM$c#m_ zRsL$s-D=$3#8kjyTopk}>4;Wb-LE9!Y(MvfE+Qvin*&`VFfvVx#mx@z%H(ABt`*0y z_i{;8L0xcVZEykOuu1sDJe$IPh?teIC^qsp!q!Ud5 z0qfN6*@nGbYDWS(YAQRGK4jAhJo}{`c_>L`0ETf|gx1a94I@U<=TFP;O?Swu)eb*O z7OT-77Tdk2Dm)|QQbW>F7E%sKZTe!KP{8x7LP6vfg29~ZpK2%_rPnND+3IH&qixoN zeto-g=vO873zOO|4t!C>xmm=D9@;@fgg|L?D|#N4psh&P>gS6i>sBZ4ol`d>u1|UD zPDo5fcp{|_H0{z`QhHvzKF50XG;rhxShiknb#jQh5SN@KO&I%g=Zp^XRFQUXSxvjC zoVT7Pa&IG>P}c^td~zl1pA~4i4N#HhX0QdR!5eGjv^DU>rtX4X%_+4KRbwK4qH`#K z?vx4PM^lkfu8zXE6!Wb zpJ)9C{r^6mdq4lNba|1II3U~Ri(GK=+XHcuqf_k_+DV(0%* z6?bQTvBfgl77~cumb|Ny>WdPH|6xxH`LE{p=Hh>;|L4Va<@|qp=RyA8%X9DY|L}c+ zMWDvI28dk*sM%p)%NRFrqEjK@w?PgfZk9F)&-swyWdFN*&c}cw{b*#1WuEP z_!K&S?m*|a&dmo!GQtg~Q8b4?rX-T{8URTW9IWTOr3yN>Ph}qxbCHGf3pObf{?DyO zWwu~_4O2oa6tJmD_3HRswna}^LjA7i91V*lVX_Mg7VX2_!G(0kD+v;LjqPHZ%Z3$0 z((s9SnemESx?5Xm(2DN13Hd12F(9q^)xt9)hk{bvIx}1gzpjj6nF|ZhRKKe*+hPlO zDHG<^1HVdMY&NA8H(JFJbH+4T^JF*L6`i-!aha;6YV$_t`!d{9Zru7zc>zxLVzD}1 zuwoXrTEnu*$W!d9?b0d7Jr|cy?b}-~rCO-#UQ+uJ*6J!1*Aj``EmW90Q{)M#x*Rx} zMrr8gjjUo|x<=IiqmNC!mF1fo&EqfP3AQNO4R3uZ8}vu8!Q<`EUREv;Nbv{=fU;;r#bro_p8- zv*TaIR(ji9ux}dnD{PhKK=oYTZ>n=U7u(1!6{V7tMQS~Dpfj0g|6FvyTLR_6Vc~~f zcK7HcQ8#SW8L7m^l+m@0fK8kw{%#f8fl)Z4u`w&Af^wa~G}AV$%ePp6RLfZwQx9+( zP$vqZDb>r=>7cnAwfXy0m>Q!Q@w=)7e0{A+4>9<27!O&CnpDljn9b-_zev-{bl7*e zayqJ7GP;IkG?zR3HC2UL1)Wh&qB2E=l>Bzmr@KDQE^=r^fmyyS6wa(Ot*eGW1<)_c z`;S(1s^6`+wYvIpd70~T-3mj@D(BAm$(s5;wlyq+vsbUtR8_ymrZ%EE1Gf5J2{lN-ImAJfwFb?SZMPEJ2kZz7CUAou| zh~;Z7yTHphaGLUv&M4N_4u?P@PDwB~g|%C)$^5#kI#IDgy9$?`jmcbGgV52pRf9Lh ztl8!J)BTz|)jORobRrs$(s2j++c<|z&LPGS6fO9|zZV9N>7`%cSa1t0`&iB7<1Aek zT#qSN#c(qkhXO>(B)czK3nj=ki$RqyvIzw)-lzVX0`~VJw6ah#w>(X_eT`7s0_u(S zqzWefh%yRyJa`*M5hS611;dbwG%uB}0|NE>3=}Yhs+tpUF}^65mJ(<6Mvru)c{2b` z;($#u!YMFnI>CkS7>g*0i=f_)Dc;yknKUdx%qIh;&gNQx&b=2kYEEfBloJO9Gv1vR zBn9u4lq)vH<@*K%7ss?=+>r6GOTDGp3sxRi__=-YAu9?2vla$=ZKvx!r zl8c*1Lm)LPNA`t<&hzTes67~#Hgm(cMpqn1^+}OKy?9&@Sqh=NV>z}Qy`@@5b+^m*<3|~0doQ8Wf$TP^ z773-F^M!7CRWU-z%U_wsxwtA9O37ZBrUnZwX|4ACZSXX$vc{TW3>*HW)Tr`aKTX3( zcq5wrMCadgHjz7zT_R3&z$0{%%qB8tcezm!3?fuj;3vg5hE(vu!om9|U0J8o{Lc#b=Y=*511D^^iETv`0*`#z2NG`@L zVA7zt4h2Sf3kXx4?M!J$W*^mtP7B*uZ7r)>#JZn1`VOiVTa&qxfnTZhY7eRb%ICIP zSG3la>WXIeT`Sj|Qgb@ik9Vt$SYBdGKxXx}*`SAXZMm;dZd5|bd%Rbi<|>?GgS!2^ z&dDsbhgk-)vi^&&mfyCy)}8|b38%A=O-0obA+|{?+AMa}a@k`4Y^!%g?q0^+X0#t4@+5PYS&WoMO`Ts-yulspESN<zN#Fe_reJ%P0;)n-77I3fd(yeCVDxc`+d?}UB>>8%U z9$zm0XyG9#3bX20`qd`=0}p}=O}eF{CA0h4ZPcabUpv2c>=ZP%M!xJ@WdhV=);OB4 zS=xSiPYd~<=d8Km4zNuAKYvlV|MBAK_JjPtkLNSU|2UvLbM32>lkA)%i@QlEACp8V z<4O1|$!@FbKZI1J1;+O@Ysxk0mY|q#sb<%xSiPXt!n*?B!69|v5lNE87o)2k+MA7{ zj4j(Mp$4*kCzOwO*DEPzc-8OBp*z{(Z8TSt|iMne;s8sxGbt39t?YwFW##$Li&3B7aW2|ZYw~+tp zNaPOh|Mhpu^`E!5pS^gH|M&6SyZl$lT*6q@p21WKDT5JB^Rs^KA!`=viX*kNZ$wiq zZ5R7NOwj}VD}LjeA6wp+Y3SJUw{a8oS&uXJcfk(h*&D)5F?;$xVLXKoA94VnKD~Uj zc{LqSKaG$$##3Wm+gNxNyX4`p+}t`TkM?bV%iwpxV!1=T?0i5Uo+n$V95A1x)cptp zBIxs{;9^$TvXkq(X&41S;~C5dSD_6m-jJwkSW73eL=-iPW@aXHH}kSCpPCXV%O8ku zFeWyMLi8F5`421+AVCxG!Z#f`>eqZ?%k8Rv?7RhoSwsF=7El(WT)M69V$&Ux! z8v6+U%nyMYp)`c*rMV`ChZI_4Q8T!7<`$llXVG)&ua%Zq1#s^5lcUj51J(?BouYrZ z-t~<;T6!}0UA}l!I;YK=>DkPBs)TS_aNL>`??m0g;&c{LbumkdPOi@y*bp9nBOYr% zFNCo^Ug+q!%*Lbbl4E<*xX5#4iX39Sc)7@Boq4ura{lsA5A_K`gay8Bb=+ZSXhq}{ z4m^Ny-BNp$aS34rXaq5fUER73%QeS@ltMYL=)7O#Lk!?tl@km7l>>nF@G&?ld&lXF zazTHRKkmH*{ikkKjVCmiqtu761RU2mjCgJom2uzg64>WWc7WF8Ib-6yZHxGFqheXN;)ZUy#v) z@*ii6rHjOSEi~I_PT~MIGtX4VTs-N3Rl=jI(`}claeP!!G~b7D03DbA`fKp#M<2zQ z>^ytE*HM|c-|n9sA07X&2WR={A)qPsQyRdg)WNM%A)h|&$zNofPoKJ5pmmHmt9_*s zx~gEKXbzmpVbWN~GLsn#gDSOkoy`P`ePWa@jb|ZevAQ^i*K?XHP-)swE=&`YL)}ir z$>f7I)kiqh!7?VIEWiHR0vZ`CUCI2*pmj~WUb*>DR-1bx-RdX3{bU$8EoQ;?4K~k+8Q22a7o3bz@-GT6$^P4U{`A5AyO-zl*?&JvR(kc_+O0psqF;>dX9n76`Qcrn+gW|4kGrw?YDl`0 z#b>_P;K(!`-`MCY!Kyd;2=~WfO8s=oYfsV22wBa`kf!Ol*>o(yksGc2puucBV=Qej z9l78bs1&l$#_vs4!feg6@P;LxpJa9Fn!!ce+Onfq$mw_w8jt2-c59ZriW_MhU&X|n^a&6l%AWuOh-H*n?{ zur=^*;>c+UX3cIKGl&)D{e~`_CMdUb;25x9xckNyr>m^7f>L*f&YL@2ZiOM-W}VqP z(kct9;kz|E=H&WaVPUMQ9Q`FTYD>ww8MA-CsT*!p{|}2tY`y-U{`Rw{<@W&;jRr0Rp5YpeT z#UWIL)!-0X?8YgAXmH~!bt;tx)$COI(i}psNJ<7ol)n%3&-dj}I;ZAhN7a?2-Ytc+ zKTXGnIj>l7GQMbVL*dVd&1|-czr@C3i7k2u-Y?~Yuu=FT-C|nQ{Rg#_lC;XU@c~23%qaQ6VPD4Zr__8#0v9%Q{P(yl-v5=G}tfP_tx4&)1*P)rH5wC zc246Mmbq!H1$6^A&7HbL7nvkq@6_DhFKVXj?){>l+rhKsS=IlCX>V7&2)Zo(>-p14 z{MXa|!~M^Dc|N26Z+`wiuh;MRE97PV{BA!S=4hb$1cOaoH`sn$i5S(jOR+x%J%RZ4sF ztH>Q4OZu>Er3KMN^}W?PR=nb7^BKJ<)n>JnZ8r0(&71AonzgZ}6f;#UitZInA!{O6 z;zD~C^Vuu<5o)?9&&L8{uj)`($egWa;BMUui%0e)IT~)JJ_pnf1DX{Dq!KZ?BkE#N z8qY<0UX|IVf_kRHRUrxY6`i|m=$dzn_O*s`n;u{)af$hWX4tB7=wYm}Hd|Oph&OI3 zi$_pYr%OgmLrtyPR#rb2dn!%|==&C56-r;%@!n_iH7(ykSMx+Hhi7ecicpPZ)K_58 zawp3JX6r3wlev7eJf{{e^**F-aX1U?>Bc@*1-xcgl{Lf_Ip$_gs|A2=>AA8e>&tdu z8D~dDC0ua|8q~@=bcU?gJZL?lJCPoF(_gX!(d7~Zb>-^PT)?+rud$?}GUmHNREVlx z)G}^l?aD4x-{T!f5?filnJ6i$yI(OE*N$g>(#?d;WC0T>oun_vy0-|L=V~>+%2I z$N_vNdFgJh|0*{9Vtl`dPP5w=U*FE-t9rN_XK#g=?cB2JvvwZY#(=v5kSjVDUV?2) zfUx8Q;o-k%@P=~H;G!!4vp(@=>YI)#e$?#4PNjy)=dhUvzhMoe(l|PGK@{DkUsXS# zf7A}mxCWct?TvbMn>ettv$#GAtQsU3gu-?{u0*QLg}9tZcGK46DPZ}Fp!?Hwy!w1< z7G93yRM69v(EK92`BtgIoIp)Y=QM#QuN!Vz+Gn?>>9}aR2XKp3fKmrOjd41`YiIt=jrZ zcgOa)un$-~+}@VLWwWgEWmSIhr%sctp9M2$70KP+)@pJ?Z~gW5*3Wutqw+OrdaBNG zEp6(CP_21fng&R$&EAZ%-pO$>)^)5?W;7ARIv#0IVQgtA-keOL!fnUg*lX~oJL$)RS(f-ez28YRoTO?aRm1IF?SiM8VP}Ihnh5+guyA{`s(I z?sw6YOpOY3aErq;O|by3H9pIcEJv821v2zjS(L@KQ}$Wjv@(0X;+ig3DwWy{%<@rn zI=0`*>*U5y*IdH1eyN^z&noBKk7gvhF)EjX-pUG1Ml?N`a!%viso3e19XBKnGRdJO zM#+C-dTOE?essYO3(S4|Xa@BJG88k=auZ^W;0jisYHSD4G0 z(-iQ!4S`-o4}b#y_#5%KD%P?B%_IomvFl2;NSa$OAIaug3P>zS9C*?S%UL6zed{+v zzzQX9Yu7aC|K6BJlW-I>PH(MaF46zDpY4?N|Nis-i`@tP|301#I3=l+F+y^snsB*c z#4wnKQ6S}SLi{T-qQY}F;9?vK5Yr@KJQX0uG>R}<1tui*$6-9$0!|~6hBLk4<-e0S za5f;OBNgAgshkQrjuif{t_LS^GzS*rml7pND2FJFspojF&VM_X+mo{a2gsrD=HMKH zkPF8fg=r7}tI&76!M}J9|7(62k9zVy=1(z;dpV#1@vo){S}nqP;)(0TdEyPomGi_) zCyDdq|8q9r4dEf13OIUoC>$^0?04#?ju!@$^i(^}es{c?@L526Uy(ndY5kua?!Wr^ z(3=En=wr$KuV*j%FG}nG+3xOx{eLgd27IR~`kU48IvjARZyZQ=aGZU3_alua#h?GV zIZo3=?Dcwbm+-{67cgJ+QkI0i=tZjOZ=vimzPo}b^@BvIH0i~QmuE(U2#vt!yQ^XLHD5Vz4zXmco`i zl7w$e_p`op6~@6HNE199{Y(;PLQ^8uUx~TGyT;~`FN8OoMv)3;#3O0*)nu-88|eH< zqlm#<#-pI4kl5IOqd4U(nBqBteTPYXb|1s?xoLqG;SQ1HVT{Aemt$|VQAX6#C$n=;uWuqg+UWWiI| zI>{*Zf8c`8;hl1U!G7Kj4oFHOHp(&7tm64>(xY)odBQ_MyIZK%DH{4BOsQ}j7bIbLOj9bL@Ad!kXUA0|-Su|7?LVt;qyjStX(7nwN5f;5o^mQ^oIY0gsFQw?BSbhSa|a+ysq#N8#?+Y4(Hw+9 zI#xg=XJ+W@eqb}d<3mIyDMZ(EoPZ9d7P$xNFt9=zH5NR035PIeQ@Cc+D1a!uqVkQP z6zKbu6A0rW;}f+U)Q%wRNm9pzlDGF`2xF0w*ryuUfbKaP8C%*Mw^0!JMSj_k^lzB` z4X~yk?3r*jKn-1Eq$TbKoJx5wQX2a-Us?JHcqyICxv6R|)m;P2vxy+-=r|%}oQ&u} zM1)wzn?H=1P_C97!4%%GXgZ;At^ff-+Jd8@;k}OA*#f(pW89=V9lbdOp^$hA2ln%ix}B|K1><$e;kp>>3N%*|3h9^o_!FD7tQdMc5JnHUKGrNN=D4 zW_6qK>|r5-C}&&LNtTS#_P?1(B<e>OlHZ4t4R5|*L50XDK50GSt2HZnmqKhb$cN=Zu`utaPs zCDmJLI$!GuPY^T~AsWND7BTCMt;>Wl5RLd22sWXRh7&3zfNK)tq8!PumHxt2C_=)7 z2nS&lrgPOTYB*yWa#5y+)Pc z|NQ*z$=R#y1t_oL_nb}ktRF!W8bi&7#WxGcWoAc>Si6WT`48&v7M4#Xid|mO`NAHr zET44S4)sl|Jf!i{C#0XVVINo^SxYObxcHZ?CU|2XUFrpPd~$Jk?xpY3f;D!Fqv7rC z`#l`q?%&{exNWxEWg&sLJ}AbyIT}idG-TYDJ0}y_;k~{Rj;9Y&W`$9Nx*du#5>aVL zSBz*B#Zd%O`-RC|pZ1`OyfjfSJDsf(Enjvz$nlR$O5m%;CX#S*=joex-f$+NidQ%8z7 zBIxs{;09f%js*Q1k)UsrpuZjx^zVQK{W1xR&*PV5#7Q7E6%-*C4Eo--x9vFZPGUG_ zGddYi4*lIN*xBCM-cly?Y{xjU;hG3Q6GWOv!!QoTm0(c( z@o-8WAW5hP<)T>cqS@<{STa=r6NWU(ja@QeQ?;%vye`#|x#zg>i=={5gS12SvVzlW z*DIhkB!BcabZZxpb2XbU!A5p?QRF6xhk!(xzed@9f`rBG{s|tKz?cXaNadaJfJ%lY zQ8Fe2nub2EDAaJrY{Et~rgG-5$z18dat9dG%r9m+@idPeNM;Qv*SG@2 zp9m_tdYR}~@kmXc8AHlowyU}27eR;92%<2)LhtF{Oy9Ck&vw|R)0FX$M54#3V9|`a z61^S#@2;CLk-9l5YNmUCw;{F}P3;GRh>d!x4Rz&6uupfkU96=NZy%{IkKUY zzQ_Z(yy<(NCb;~4Hc6sTnb2nI&>%eL9~uA~qy$&IMAhtdx)qSragZc?z25cpwMP&| zkMU72QcXnf_0hrM@i~T;{@rnYi6bgRzF7|D#(gg(c0{g03X&10O2CIPT=Ou+(`Lbj zsU(pTgd*kPV44=lV{i%u*bSsyj-j)E4oBx5_-_CF=zPn0dvx*R$uAf1cK_^b|M=qQ z@ElIg;Nax=)zQV#$?-Xyd=LA_|A3#4j$ds74V6ppy%e27A{b6^YxkUUN(-GESC?|i zhCW0j9!<%J!idc%kMZ!G@<}MvUPiNZ;kYKd4Gj`tNEJU=`S&%^WCpZ`Aq0RR7> Kg02_oSQr=p literal 0 HcmV?d00001 diff --git a/charts/apache-shardingsphere-proxy-charts/charts/governance/values.yaml b/charts/apache-shardingsphere-proxy-charts/governance/values.yaml similarity index 100% rename from charts/apache-shardingsphere-proxy-charts/charts/governance/values.yaml rename to charts/apache-shardingsphere-proxy-charts/governance/values.yaml